
CryptoShadow Ransomware

Posted: January 19, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 25
First Seen: January 19, 2017
OS(es) Affected: Windows

The CryptoShadow Ransomware is a derivative of Hidden Tear, an open-source, proof-of-concept file-encrypting Trojan that attackers repurpose to lock a PC user's local data. Like almost every Trojan with such a payload, the CryptoShadow Ransomware demands a ransom in exchange for a decryption solution that may or may not work. The standard response is to withhold payment where possible, remove the CryptoShadow Ransomware by disinfecting the PC with anti-malware tools, and then recover the data by other means, such as backups.

The Rising Shadow of Yet Another, Hopeful Extortionist

After opening the new year with variants like the First Ransomware and the Hidden-Peach Ransomware, the Hidden Tear family has continued to spawn new builds through January. The CryptoShadow Ransomware is one of the newest; debugging information left in its samples ties it to threat actors calling themselves the 'Darklabs Team'. Although current samples include some distinguishing specifics, most of the CryptoShadow Ransomware's functions follow the same template as any other Hidden Tear build.

Threat actors appear to distribute the CryptoShadow Ransomware as a fake copy of Internet Explorer, without disguising the fact that it is an executable. When the victim launches it, the Trojan scans local and network-mapped drives for files whose extensions match its target list (documents and photos, for example). It encrypts each matching file with an AES-based routine that 'locks' it from opening and appends a '.doomed' extension to the file name, which makes the encrypted files easy to recognize.

The second phase of the payload gives only a limited hint of its geographic targeting: malware experts confirm that the CryptoShadow Ransomware writes its ransom note in Spanish. The Trojan drops this text file ('LEER_INMEDIATAMENTE.txt') on the victim's desktop to sell a decryptor. As is typical, payment is demanded through an irreversible channel such as Bitcoin, which leaves you no way to recover the money if the decryptor does not work.

Bringing Light to the Shadowy Business of Digital Hostage-Taking

All security recommendations that have proved worthwhile against other Hidden Tear versions remain useful against the CryptoShadow Ransomware, which shows no substantial improvement in its code. Keeping backups on a cloud service or a removable device (disconnected when not in use, since the Trojan also encrypts files on mapped drives) is the only way to guarantee complete data recovery without depending on a decryption routine. For victims without backups, malware experts do endorse trying the free Hidden Tear decryptors offered by reputable cyber security organizations.
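The scoping and recovery-planning steps that follow from the description above (find the '.doomed' files and the ransom note, group the hits by original file type, then check which originals survive in a backup) as an added Python example; this is not code from the original page or from the Hidden Tear project. It assumes only what the text states: the '.doomed' suffix is appended to the original file name and the note is named 'LEER_INMEDIATAMENTE.txt'. The victim tree and the partial backup it scans are constructed sample data, so the script runs offline.

```python
# Added triage example, not code from the page or from Hidden Tear itself.
# Assumptions (from the text above): encrypted files are the original name
# plus ".doomed"; the ransom note is named LEER_INMEDIATAMENTE.txt.
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".doomed"
RANSOM_NOTE = "LEER_INMEDIATAMENTE.txt"


def triage(root):
    """Walk a directory tree and collect CryptoShadow artifacts.

    Returns (encrypted, notes): encrypted is a sorted list of
    (relative posix path, original extension) pairs; notes is the sorted
    list of relative paths of ransom notes found.
    """
    root = Path(root)
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name == RANSOM_NOTE:
                notes.append(rel)
            elif name.endswith(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                # The original extension shows which file types the Trojan targeted.
                ext = Path(original).suffix.lower() or "(none)"
                encrypted.append((rel, ext))
    return sorted(encrypted), sorted(notes)


def summarize(root):
    """The numbers a responder wants first: how many files, of what types, how many notes."""
    encrypted, notes = triage(root)
    return {
        "encrypted_count": len(encrypted),
        "note_count": len(notes),
        "by_ext": dict(Counter(ext for _, ext in encrypted)),
    }


def recovery_plan(root, backup_root):
    """Map each encrypted file back to its original path and check the backup.

    Returns (recoverable, missing): original relative paths that have a clean
    copy under backup_root, and those that do not (the only ones for which a
    Hidden Tear decryptor would still be needed).
    """
    backup_root = Path(backup_root)
    recoverable, missing = [], []
    for rel, _ext in triage(root)[0]:
        original_rel = rel[: -len(ENCRYPTED_SUFFIX)]
        if (backup_root / original_rel).is_file():
            recoverable.append(original_rel)
        else:
            missing.append(original_rel)
    return recoverable, missing


def build_sample_tree():
    """Construct a throwaway victim tree and a partial backup (sample data, not a real capture)."""
    base = Path(tempfile.mkdtemp(prefix="cryptoshadow_"))
    victim, backup = base / "victim", base / "backup"
    for sub in ("Documents", "Pictures", "Desktop"):
        (victim / sub).mkdir(parents=True)
    # Placeholder bytes stand in for ciphertext; only the names matter for triage.
    for hit in ("Documents/report.docx", "Documents/budget.xlsx", "Pictures/holiday.jpg"):
        (victim / (hit + ENCRYPTED_SUFFIX)).write_bytes(b"\x00" * 32)
    (victim / "Pictures" / "untouched.png").write_bytes(b"\x89PNG")  # not a targeted type
    (victim / "Desktop" / RANSOM_NOTE).write_text("ransom note placeholder\n")
    # The backup predates the attack but covers only two of the three hit files.
    for kept in ("Documents/report.docx", "Pictures/holiday.jpg"):
        (backup / kept).parent.mkdir(parents=True, exist_ok=True)
        (backup / kept).write_bytes(b"clean copy")
    return victim, backup


if __name__ == "__main__":
    victim, backup = build_sample_tree()
    print(summarize(victim))
    recoverable, missing = recovery_plan(victim, backup)
    print("restore from backup:", recoverable)
    print("still need a decryptor:", missing)
```

Run against a real machine, point `triage` and `recovery_plan` at each local and mapped drive in turn and at the last known-good backup; the `missing` list is the set of files for which a decryptor matters at all, which keeps the decision about paying or waiting for a free tool grounded in what is actually unrecoverable.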

Trojans of the CryptoShadow Ransomware's classification may terminate security software or conduct network activity that gives the threat actors further control over the PC. Whether or not recovering the encrypted files is a priority, always use dedicated anti-malware products (ideally ones with good detection rates against older Hidden Tear versions) to disinfect the PC and uninstall the CryptoShadow Ransomware. Malware experts confirm that the Trojan runs on most versions of Windows, like other members of its family.

Con artists need almost no effort to create 'new' threats like the CryptoShadow Ransomware, which differs only in minor details from earlier Trojans. Anyone with files worth keeping therefore needs to match that industriousness with equally regular backups, or risk paying for the oversight out of pocket.
